Method for transmitting data in a WLAN network

ABSTRACT

The invention relates to a method for transmitting data in a WLAN network (Wireless Local Area Network), whereby WLAN messages are transmitted in the Layer 2 protocol layer between a terminal and an access node of the WLAN network. EAP messages (Extensible Authentication Protocol) are transmitted in the WLAN messages, said EAP messages containing SIP messages (Session Initiation Protocol) with SIP authentication data.

The invention relates to a method for transmitting data in a WLAN network, a corresponding device for transmitting such data, and a corresponding data network.

The transmission of data via wireless local area networks (WLANs) has become more and more widely established over the last several years. WLAN stands for “Wireless Local Area Network” and denotes a local wireless network with ranges of several hundred meters. Nowadays, users of terminal devices, in particular of mobile radio devices and laptops, have the opportunity to register at any locations in commercially operated WLAN networks. With this arrangement the user can locate a plurality of WLAN networks via his or her terminal device, each WLAN network comprising what are known as access nodes (usually referred to as “access points”) via which the user can obtain access to further data networks, in particular to the internet or to UMTS networks.

A variety of methods for authenticating a user at the access node of a WLAN network are known from the prior art. In the WLAN standard IEEE 802.1x, for example, the EAP protocol (EAP=Extensible Authentication Protocol, see document [1]) known from the PPP environment (PPP=Point-to-Point Protocol) is used. Authentication mechanisms already known from the prior art, for example USIM or AKA, are in turn used in the EAP protocol.

A disadvantage that reveals itself in the case of the authentication mechanisms used in the WLAN environment is that the said mechanisms are not very flexible and with them it is essentially only possible to transmit authentication data without more extensive information.

The object of the invention is therefore to provide a method for transmitting data in a WLAN network which provides an improved authentication in further data networks that are connected to the WLAN network.

This object is achieved by the independent claims. Developments of the invention may be derived from the dependent claims.

In the method according to the invention, WLAN messages are transmitted between a terminal device and an access node of the WLAN network in the L2 protocol layer, whereby EAP messages containing SIP messages with SIP authentication data (SIP=Session Initiation Protocol) are transmitted in the WLAN messages. The SIP protocol is sufficiently well known from the prior art (see [2]) and is used in IP-based networks for initializing a protocol session. In this context the term SIP includes both the currently used SIP protocols and SIP protocols that are presently in the process of development, such as, for example, SIPng (=SIP next generation). By integrating SIP authentication data in the EAP messages it is possible not only for an authentication to take place in a WLAN network, but also for authentication procedures to be performed in all networks connected to the WLAN network, provided said networks are able to process the SIP protocol. Since a multiplicity of data networks, in particular all IP-based data networks, understand the SIP protocol, the method according to the invention enables an authentication to be carried out in a multiplicity of networks.

The invention is based in particular on the knowledge that the relevant part in the message exchange is congruent in EAP and SIP authentication, so the exchange can be performed synchronously and in coupled form. In this scheme the SIP protocol is used as the transport layer that is embedded between the EAP protocol and an authentication mechanism. The authentication mechanism used in the EAP protocol is thereby replaced by a SIP authentication mechanism. A further advantage of the method according to the invention is that the outdated RADIUS protocol (see [3]) which is commonly used in IP-based networks can be dispensed with for the authentication and newer mechanisms can be used in its place.

In a preferred embodiment, the SIP authentication data is generated using an authentication mechanism chosen from Kerberos, Digest, AKA, USIM, etc. All the said authentication mechanisms are sufficiently well known from the prior art, so this description will not deal in further detail with these mechanisms.

In a particularly preferred embodiment, one or more SIP Proxy CSCF servers (CSCF=Call State Control Function) are used in order to process the SIP authentication data. Said servers are well known from the prior art and are able to process the SIP authentication data and perform a corresponding authentication.

In a further preferred embodiment, the SIP messages additionally contain SDP messages (SDP=Session Description Protocol). The SDP protocol is likewise well known from the prior art (see document [4]) and is used for describing protocol sessions in IP-based networks. In this context the term SDP includes both the currently used SDP protocols and SDP protocols that are presently in the process of development, such as, for example, SDPng (=SDP next generation).

In a further preferred embodiment, the WLAN messages contain specific messages concerning possible data connections of the terminal device via the access node to networks that can be connected to the WLAN network. In this case the specific messages are in particular contained at least in part in the SDP messages mentioned in the foregoing. This enables inquiries relating to possible data connections to be addressed via the WLAN protocol to the access node or, as the case may be, to networks connected to the access node so that it can be clarified in advance whether a data connection desired by the user of the terminal device is possible at all or, alternatively, which data connections can be set up at all via the WLAN network.

The specific messages preferably contain inquiries and/or information in relation to one or more data connection types and/or qualities of data connection and/or data connection costs and/or services provided by the data connection. The user of the terminal device is therefore provided with a multiplicity of decision criteria according to which he or she can specify his or her desired data connection.

In a particularly preferred embodiment, the specific messages are evaluated and, depending on the results of the evaluation, it is decided whether the data connection is possible or, as the case may be, which data connection of the terminal device via the access node will be used for data transmission to networks that can be connected to the WLAN network. The desired data connection can thus be provided to the user of the terminal device automatically or, alternatively, the user can be informed that the data connection required for his or her purposes is not possible at all via the WLAN network. The specific messages are preferably evaluated in the SIP Proxy CSCF servers already mentioned in the foregoing.

In a particularly preferred embodiment, the WLAN messages conform to the WLAN standard IEEE 802.11. Furthermore, the networks that can be connected to the WLAN network preferably include one or more 3GPP and/or IP networks.

In addition to the above described transmission method according to the invention, the invention also comprises a device for transmitting data in a WLAN network, the device including:

-   an access node, whereby WLAN messages can be transmitted in the L2 protocol layer (L2=Layer 2) between the access node and a terminal device and EAP messages can be transmitted in the WLAN messages, said EAP messages containing SIP messages with SIP authentication data;
-   a computing unit connected to the access node (AP) for the purpose of evaluating the SIP authentication data.

In a particularly preferred embodiment of the device according to the invention, the computing unit comprises a SIP Proxy CSCF server. Moreover, the computing unit is preferably integrated in the access node.

In addition, the invention comprises a data network with a WLAN network and one or more data networks that can be connected to the WLAN network, the data network being embodied in such a way that the above described method according to the invention can be performed.

Exemplary embodiments of the invention are described below with reference to the attached drawings, in which:

FIG. 1 is the schematic representation of a data network in which the data transmission method according to the invention can be performed, and

FIG. 2 is a schematic diagram illustrating the transmission of messages by means of the EAP protocol.

The data network represented schematically in FIG. 1 comprises a WLAN network 1, an IP network 2 and a 3GPP network 3. A user terminal device UE (User Equipment), which can be, for example, a mobile radio device or a laptop, is wirelessly connected (as indicated by the zigzag arrow) to an access node AP (AP=Access Point) of the WLAN network. The access node AP is in turn connected to a Proxy CSCF server P-CSCF. Servers of said kind are already well known from the prior art and are used for processing SIP/SDP messages.

An IP network 2 is connected to the access node AP or, as the case may be, to the P-CSCF server P-CSCF. Said IP network is in turn connected to a 3GPP network 3. The 3GPP network comprises a plurality of components with the designations SGSN, GGSN, HSS, IMS, P-CSCF, I-CSCF, S-CSCF and PDGW. The components identified by these abbreviations are universally known building blocks of a 3GPP network and the terms hidden behind the abbreviations are generally known to the person skilled in the art. Since the structure of the 3GPP network plays no significant role insofar as the method according to the invention is concerned, this structure will not be dealt with in any further detail below. Suffice it to mention that the IP network is connected to the 3GPP network via the gateway PDGW.

In the method according to the invention, WLAN messages are exchanged in the L2 protocol layer between the user terminal device UE and the access node AP, with EAP messages being transmitted in the WLAN messages, said EAP messages in turn containing SIP messages with SIP authentication data. Said SIP messages are generated without an IP address being assigned. In this case use is made of the fact that the EAP protocol provides a tunnel for generic authentication mechanisms. Said tunnel is used in turn to transport SIP authentication data which enables an authentication to be performed at the SIP Proxy CSCF server connected to the access node AP. The authentication data can additionally be transmitted to further computers in the IP network 2 or, as the case may be, in the 3GPP network 3 so that an authentication can also be performed at more remote computers. This is indicated in FIG. 1 by the arrows P1, P2, P3, P4 and P5, which represent a data flow for authentication of the terminal device UE at the computer S-CSCF of the 3GPP network 3. Generally it will be clear from the contents of the SIP messages which server is responsible for authentication for the terminal device UE and the server in question will be addressed via the SIP messages.

Since SIP authentication data can be processed in all three networks 1, 2 and 3, the SIP protocol can be used as the sole protocol for authentication in the networks 1, 2 and 3. In this case mechanisms already well known from the prior art, such as, for example, Kerberos, Digest, AKA, USIM and suchlike, will be used in particular as authentication mechanisms. A particular advantage of the method is that authentication by means of the outdated RADIUS protocol can be dispensed with in the IP network 2. While it is true that the so-called Diameter protocol already exists as the successor to the RADIUS protocol, the Diameter protocol is not very widely established. In contrast thereto, the SIP protocol is a very commonly used protocol in networks, more particularly also in 3GPP networks.

In the exemplary embodiment of the method according to the invention described here, the SIP messages additionally contain SDP messages in which are stored inquiries or information concerning possible data connections of the terminal device UE via the access node AP to the IP network and/or the 3GPP network.

These inquiries or information can include in particular an access request which is specified by the user of the terminal device. For example, the access request can concern the type of data connection by means of which a data transmission is to take place via the access node. The user can, for example, specify that the data connection is to be set up via the internet. An inquiry of said kind can also relate to a bandwidth desired by the user or to a delay or jitter of the data connection. It is therefore possible to choose the provider, for example in unfamiliar foreign networks, according to predefined criteria.

The way in which the authentication according to the invention is performed by means of the EAP protocol is illustrated in an exemplary manner in FIG. 2. First, an EAPOL-Start message is sent by the user terminal device UE to the access node AP and the P-CSCF server connected to the access node. Next, an EAP-Request/Identity message is sent to the terminal device UE by the access node. These first two messages are used to initialize the EAP protocol. The actual authentication is then performed through the exchange of four further messages, designated as EAP-Response/Identity, EAP-Request, EAP-Response and EAP-Success. According to the inventive method, SIP authentication data of the SIP protocol is transported in the EAP protocol, with known authentication mechanisms being used in turn in said SIP protocol.
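The FIG. 2 exchange, and the coupling of EAP and SIP authentication described earlier, as an added Python illustration that is not part of the patent: the EAP-Request carries a SIP 401 Digest challenge and the EAP-Response carries the REGISTER that answers it, with the P-CSCF side recomputing the Digest before EAP-Success or EAP-Failure is returned. The EAP packet layout (Code, Identifier, Length, Type, Type-Data) follows RFC 2284/3748; the EAP type number 255 (which RFC 3748 reserves for experimental use), the Digest realm, the nonce and the subscriber store are constructed placeholders, since the patent assigns none.

```python
# Added illustration (not the patent's code): the EAP-Request/Response pair of FIG. 2 carrying a
# SIP Digest 401 and its REGISTER. EAP type 255 (RFC 3748 experimental), realm, nonce, store: placeholders.
import hashlib, hmac, re, struct

EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4
TYPE_IDENTITY, TYPE_SIP = 1, 255          # 255: experimental type used as a placeholder
REALM, NONCE, URI = "example.invalid", "a1b2c3d4", "sip:example.invalid"
SUBSCRIBERS = {"alice": "s3cret"}          # constructed P-CSCF credential store

def eap_pack(code, ident, eap_type=None, data=b""):
    """Encode an EAP packet: Code, Identifier, Length, then Type and Type-Data."""
    body = b"" if eap_type is None else bytes([eap_type]) + data
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def eap_unpack(pkt):
    """Decode to (code, identifier, type, data); Success/Failure packets carry no Type."""
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length != len(pkt):
        raise ValueError("EAP Length field disagrees with frame size")
    return (code, ident, None, b"") if code in (EAP_SUCCESS, EAP_FAILURE) else (code, ident, pkt[4], pkt[5:])

def digest(user, realm, password, nonce, method, uri):
    """SIP Digest without qop (RFC 3261 / RFC 2617): MD5(HA1 ":" nonce ":" HA2)."""
    h = lambda s: hashlib.md5(s.encode()).hexdigest()
    return h(h(user + ":" + realm + ":" + password) + ":" + nonce + ":" + h(method + ":" + uri))

def parse_auth(msg):
    """Collect the quoted Digest parameters (realm, nonce, username, ...) of a SIP message."""
    return dict(re.findall(r'(\w+)="([^"]*)"', msg.decode()))

def sip_challenge():
    """SIP 401 from the P-CSCF; the patent carries this inside an EAP-Request."""
    return (f'SIP/2.0 401 Unauthorized\r\nWWW-Authenticate: Digest realm="{REALM}", '
            f'nonce="{NONCE}"\r\n\r\n').encode()

def sip_register(user, password, challenge):
    """UE answers the tunnelled 401 with a REGISTER carrying an Authorization header."""
    p = parse_auth(challenge)
    resp = digest(user, p["realm"], password, p["nonce"], "REGISTER", URI)
    return (f'REGISTER {URI} SIP/2.0\r\nAuthorization: Digest username="{user}", realm="{p["realm"]}", '
            f'nonce="{p["nonce"]}", uri="{URI}", response="{resp}"\r\n\r\n').encode()

def pcscf_verify(register):
    """P-CSCF side: recompute the Digest from the stored secret and compare in constant time."""
    p = parse_auth(register)
    pw = SUBSCRIBERS.get(p.get("username", ""), "")
    expected = digest(p.get("username", ""), REALM, pw, NONCE, "REGISTER", p.get("uri", ""))
    return bool(pw) and p.get("nonce") == NONCE and hmac.compare_digest(p.get("response", ""), expected)

def run_exchange(user, password):
    """Replay FIG. 2 after EAPOL-Start and EAP-Request/Identity; returns the closing EAP Code (3 or 4)."""
    _, _, _, identity = eap_unpack(eap_pack(EAP_RESPONSE, 1, TYPE_IDENTITY, user.encode()))
    _, _, _, chal = eap_unpack(eap_pack(EAP_REQUEST, 2, TYPE_SIP, sip_challenge()))   # SIP 401 in EAP-Request
    reg = eap_unpack(eap_pack(EAP_RESPONSE, 2, TYPE_SIP, sip_register(identity.decode(), password, chal)))[3]
    return EAP_SUCCESS if pcscf_verify(reg) else EAP_FAILURE                        # EAP-Success / EAP-Failure
```

A wrong password or an unknown subscriber ends the exchange with EAP-Failure instead of the EAP-Success of FIG. 2, and an EAP frame whose Length field disagrees with its size is rejected before any SIP payload is parsed.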

REFERENCES

-   [1] http://www.ietf.org/rfc/rfc2284.txt
-   [2] http://www.ietf.org/rfc/rfc3261.txt
-   [3] http://www.ietf.org/rfc/rfc2865.txt
-   [4] http://www.ietf.org/rfc/rfc2327.txt

1.-15. (canceled)
16. A method for transmitting data in a Wireless Local Area Network (WLAN), comprising: transmitting WLAN messages between a terminal device and an access node of the WLAN network in the Layer 2 protocol layer, wherein Extensible Authentication Protocol (EAP) messages are transmitted in the WLAN messages, the EAP messages containing Session Initiation Protocol (SIP) messages with SIP authentication data.

17. The method as claimed in claim 16, wherein the SIP authentication data is generated by using Kerberos, Digest, AKA, or USIM as authentication mechanism.

18. The method as claimed in claim 16, wherein the SIP authentication data is evaluated in one or more SIP Proxy CSCF servers (Call State Control Function servers).

19. The method as claimed in claim 17, wherein the SIP authentication data is evaluated in one or more SIP Proxy CSCF servers (Call State Control Function servers).

20. The method as claimed in claim 16, wherein the SIP messages contain Session Description Protocol (SDP) messages.

21. The method as claimed in claim 17, wherein the SIP messages contain Session Description Protocol (SDP) messages.

22. The method as claimed in claim 18, wherein the SIP messages contain Session Description Protocol (SDP) messages.

23. The method as claimed in claim 16, wherein the WLAN messages contain messages concerning possible data connections of the terminal device via the access node to networks connectable to the WLAN network.

24. The method as claimed in claim 22, wherein messages concerning possible data connections of the terminal device via the access node to networks connectable to the WLAN network are stored at least in part in the SDP messages.

25. The method as claimed in claim 23, wherein the messages concerning possible data connections of the terminal device are stored at least in part in Session Description Protocol (SDP) messages.

26. The method as claimed in claim 23, wherein the messages concerning possible data connections of the terminal device contain inquiries and/or information relating to one or more data connection types and/or qualities of data connection and/or data connection costs and/or services provided by the data connection.

27. The method as claimed in claim 23, wherein the messages concerning possible data connections of the terminal device are evaluated and, depending on the results of the evaluation, it is decided whether the data connection is possible and/or which data connection of the terminal device via the access node will be used for the data transmission to networks that can be connected to the WLAN network.

28. The method as claimed in claim 27, wherein the messages concerning possible data connections of the terminal device are evaluated in one or more SIP Proxy CSCF servers (Call State Control Function servers).

29. The method as claimed in claim 16, wherein the WLAN messages are messages conforming with the WLAN standard IEEE 802.11.

30. The method as claimed in claim 16, wherein networks that can be connected to the WLAN network comprise one or more 3GPP and/or IP networks.

31. A device for transmitting data in a Wireless Local Area Network (WLAN), comprising: an access node, wherein WLAN messages can be transmitted between the access node and a terminal device in the Layer 2 protocol layer, and wherein Extensible Authentication Protocol (EAP) messages can be transmitted in the WLAN messages, the EAP messages containing Session Initiation Protocol (SIP) messages with SIP authentication data; and a computing unit connected to the access node for evaluating the SIP authentication data.

32. The device as claimed in claim 31, wherein the computing unit comprises a SIP Proxy Call State Control Function (CSCF) server.

33. The device as claimed in claim 31, wherein the computing unit is integrated in the access node.

34. A data network comprising a Wireless Local Area Network (WLAN network) and a network that can be connected to the WLAN network, wherein the data network is embodied in such a way that the method according to claim 16 can be performed.